How this template works
APIs Selection
The template uses a query parameter filter to extract the key and value from the request query parameters. It uses a regular expression to match any key and extracts it as "query_key". It also extracts the value as "query_value".
Execute request
The template modifies the query parameter by appending "%0d%0aContent-Length:%200%0d%0a%0d%0aHTTP/1.1%20200%20OK%0d%0aContent-Type:%20text/html%0d%0aContent-Length:%2025%0d%0a%0d%0a%3Cscript%3Ealert(1)%3C/script%3E" to the "query_value". The URL-encoded CRLF sequences (%0d%0a) in this payload are meant to end the original response's headers and begin a second, injected response whose body is a script, which is the HTTP response splitting attack the template tests for.
Validation
The template validates the response payload by checking whether it contains the string "<script>alert(1)</script>". If the response contains this string, it indicates that the attack was successful.
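The following added example (not part of the Akto template or its code) shows why the payload above splits a response when a server copies the decoded query value into a header, next to a hardened version that rejects CR/LF. The redirect scenario and the function names redirect_naive, redirect_safe, status_lines and is_split are assumptions made for illustration.

```python
from urllib.parse import unquote

# Payload suffix quoted on this page (URL-encoded, as the template appends it).
PAYLOAD = ("%0d%0aContent-Length:%200%0d%0a%0d%0aHTTP/1.1%20200%20OK%0d%0a"
           "Content-Type:%20text/html%0d%0aContent-Length:%2025%0d%0a%0d%0a"
           "%3Cscript%3Ealert(1)%3C/script%3E")


def redirect_naive(query_value):
    """Vulnerable (hypothetical handler): the decoded query value is
    copied into the Location header without any checks."""
    target = unquote(query_value)
    return "HTTP/1.1 302 Found\r\nLocation: " + target + "\r\n\r\n"


def redirect_safe(query_value):
    """Hardened: refuse any value that would put CR or LF into a header."""
    target = unquote(query_value)
    if "\r" in target or "\n" in target:
        raise ValueError("CR/LF not allowed in a header value")
    return "HTTP/1.1 302 Found\r\nLocation: " + target + "\r\n\r\n"


def status_lines(raw):
    """Return every line in the raw byte stream that starts a response."""
    return [ln for ln in raw.split("\r\n") if ln.startswith("HTTP/1.1 ")]


def is_split(raw):
    """True when one server write contains more than one status line."""
    return len(status_lines(raw)) > 1


if __name__ == "__main__":
    value = "/home" + PAYLOAD  # constructed sample query value
    raw = redirect_naive(value)
    print(raw)
    print("split:", is_split(raw), status_lines(raw))
    try:
        redirect_safe(value)
    except ValueError as exc:
        print("rejected:", exc)
```

Counting status lines, as is_split does, separates real header injection from an endpoint that only echoes the value back in its body.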